On Wed, 2005-11-23 at 09:43 -0800, [EMAIL PROTECTED] wrote:
> Hi, I am investigating kerberizing of our application using
> MIT Kerberos5. Due to the nature of our application,
> we cannot use DNS and must use host IP addresses
> instead of hostnames during authentication.

I believe that host names are required for Kerberos operation, since they are used in the service principal names. However, host names aren't necessarily transferred over DNS. I also have this problem when using services over IPv6, and to help out, I implemented the FQDN over ICMP service for Linux. If you, too, are using Linux, you can use the program:

<http://www.dolda2000.com/~fredrik/icmp-dn/>

FQDN over ICMP is specified in RFC 1788 -- it's just that neither the Linux kernel nor any standard glibc NSS module implements it. Meaning: It's not just some homebrew protocol of mine, but an open standard. I don't think Windows supports it, but I'm fairly sure that it would work when talking to *BSD machines.

Fredrik Tolf

________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
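
The RFC 1788 exchange mentioned in the reply above, as an added example that is not part of the original post and is not taken from the icmp-dn program: it builds a Domain Name Request and validates a Domain Name Reply before trusting the names in it. The layout assumed here is the one RFC 1788 describes (ICMP types 37 and 38, a signed 32-bit TTL, DNS-style length-prefixed labels); all function names and the sample reply are constructed for illustration, and compressed names are rejected rather than decoded.

```python
import struct

DN_REQUEST, DN_REPLY = 37, 38  # ICMP types assigned by RFC 1788

def inet_checksum(data):
    """RFC 1071 Internet checksum; returns 0 over a correctly sealed message."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def seal(msg):
    """Fill in the checksum field (bytes 2-3) of an ICMP message."""
    return msg[:2] + struct.pack("!H", inet_checksum(msg)) + msg[4:]

def build_request(ident, seq):
    """Request: type, code, checksum, identifier, sequence number."""
    return seal(struct.pack("!BBHHH", DN_REQUEST, 0, 0, ident, seq))

def encode_name(fqdn):
    """DNS wire format: length-prefixed labels ending in a zero octet."""
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in fqdn.split(".")) + b"\x00"

def sample_reply(ident, seq, ttl, names):
    """Constructed reply used as offline sample input (hypothetical helper)."""
    head = struct.pack("!BBHHHi", DN_REPLY, 0, 0, ident, seq, ttl)
    return seal(head + b"".join(encode_name(n) for n in names))

def parse_reply(msg, ident, seq):
    """Return (ttl, [fqdn, ...]) or raise ValueError for anything unexpected."""
    if len(msg) < 12 or inet_checksum(msg) != 0:
        raise ValueError("short message or bad checksum")
    mtype, code, _, r_id, r_seq, ttl = struct.unpack("!BBHHHi", msg[:12])
    if (mtype, code) != (DN_REPLY, 0) or (r_id, r_seq) != (ident, seq):
        raise ValueError("not the reply to our request")
    names, labels, pos = [], [], 12
    while pos < len(msg):
        n = msg[pos]
        pos += 1
        if n == 0:  # zero octet ends one name (or is padding)
            if labels:
                names.append(".".join(labels))
            labels = []
        elif n > 63 or pos + n > len(msg):
            raise ValueError("compressed or truncated label")
        else:
            labels.append(msg[pos:pos + n].decode("ascii"))
            pos += n
    if labels:
        raise ValueError("unterminated name")
    return ttl, names
```
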
